It can happen but don't underestimate the effort of step 3. Also it's better than the alternatives. Storing plaintext means that B is done at step 2. Storing encrypted passwords means B just needs the key, which is stored in process memory.
– bmm6o Jun 26 '14 at 16:11

3 Answers

Databases generally store hashed passwords (as they should), but some store it plaintext (just remember this!). If someone were to find a hash collision that matched the stored, unsalted, and hashed password, then yes, they would be able to use that collision to login, because the client would send the password to the server, the server would calculate the hash and compare it to the one in the database. Since the two match (different input, same hashed value), login would succeed. However, I might like to add, it's more computationally feasible that one would brute-force the password as opposed to finding a collision, especially with the generally small size of a password.

Best practice is to use a slow hashing function like PBKDF2 or Scrypt as brute-forcing the hash of a typical password is trivial. The resulting hash is stored in the database. When a user logs in, their password is fed through the aforementioned function and the output compared with the hash stored in the database. Assuming a salt is used, the work factor is sufficient, and the output is sufficiently long (say 256 bits), no collisions should occur, and brute-forcing becomes infeasible.

Perhaps it could, but it's unlikely. It is usually easier to find the original password rather than a collision. With a strong hash function, it is difficult to find another string with the same hash as the string 'hello', but easy to quickly verify whether the hash really matches 'hello'.

Even strong key-derivation functions have to use few enough rounds to handle a number of users (on the server), so they would usually allow an attacker to make tens to thousands of guesses per second. When a salt is used, each user's hash has to be attacked individually. Nevertheless, if the password is e.g. on a list of top 1000 passwords (which can be over 90% of them), like 'hello' is, it will fall in a matter of seconds.
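As an added illustration of the practice described in the two answers above (a salted, slow key-derivation function with a 256-bit output, and per-user salts so that equal passwords do not share a stored hash), the following Python is not from any of the posters; it uses `hashlib.pbkdf2_hmac` from the standard library. The storage format `pbkdf2_sha256$iterations$salt$hash`, the 200,000-iteration default and the helper names are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factor: raise this as hardware gets faster. The answer above notes
# the server-side cost caps how high it can go for a given number of users.
ITERATIONS = 200_000
SALT_BYTES = 16   # 128-bit random salt, one per stored password
DKLEN = 32        # 256-bit derived key, as the answer recommends


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 hash and pack it with its parameters.

    Storing the iteration count and salt alongside the hash lets the work
    factor be raised later without invalidating existing records.
    Format (assumed for this example): pbkdf2_sha256$iters$b64salt$b64hash
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, iterations, dklen=DKLEN)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt/iterations and compare.

    hmac.compare_digest is constant-time, so a mismatch does not leak how
    many leading bytes agreed.
    """
    try:
        algo, iters, salt_b64, dk_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        iterations = int(iters)
    except (ValueError, TypeError):
        return False
    if algo != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def unsalted_sha256(password: str) -> str:
    """The weak scheme the answers warn about: fast and unsalted, so two users
    with the same password get identical records and one guess checks both."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    record_alice = hash_password("hello")
    record_bob = hash_password("hello")
    print("salted records differ:", record_alice != record_bob)
    print("unsalted records equal:",
          unsalted_sha256("hello") == unsalted_sha256("hello"))
    print("login ok:", verify_password("hello", record_alice))
    print("wrong password:", verify_password("hell0", record_alice))
```

Because the salt is random per record, a single precomputed guess cannot be checked against every user at once, which is the point the last answer makes about attacking each hash individually; the iteration count then bounds how many guesses per second an attacker with the same hardware can make against one record.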